Share this Page

Higher Ed Wrestles with Risks of Removable Storage

By Paul McCloskey

09/13/07

Like IT managers across corporate America, campus IT managers are trying to solve the problem of securing removable storage devices in an open environment like a university.

Jason Pufahl, who heads information security at the University of Connecticut, told Computerworld that a prohibition on removable media such as USB drives, iPods, and iPhones, is impossible in the open environment of academia.

"We don't have the flexibility to simply say all inbound traffic is locked down or we're going to allow outbound traffic on only specific ports," Pufahl told Computerworld. "We just can't do that. We have to try to provide security when leaving things open, which is really difficult."

Universities seem to be reporting the loss of storage media on a regular basis, according to Computerworld.

In May, a professor a professor at Bowling Green University had a flash drive stolen during final exams that held Social Security numbers of 199 former students. [Editor's note: We had previously reported that the drive had been lost, rather than stolen. --D.N.] The university is working on encryption project to protect computers across campus, a BG spokeswoman told Computerworld. "Policies are being looked at again to see what else we could be doing," she said. "These portable storage devices are just so convenient."

In June, Michigan's Grand Valley State University had to notify 3,000 students of a stolen Zip drive. The university is currently examining password- and encryption-protected USB drives from SanDisk Corp. and Kingston Technology Co., said John Klein, associate director of academic services told Computerworld.

Klein said schools must educate students better about the dangers of using the devices. "It's not their home network anymore, where they are safe and cozy and warm," he told Computerworld. "It's a campus network, where virtually any computer via a hacker is viewable and can be attacked."